From owner-svn-src-head@FreeBSD.ORG  Mon Sep 29 08:57:36 2014
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id CFFFCFF2;
 Mon, 29 Sep 2014 08:57:36 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id BC7AD8BA;
 Mon, 29 Sep 2014 08:57:36 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s8T8vaqk094032;
 Mon, 29 Sep 2014 08:57:36 GMT (envelope-from des@FreeBSD.org)
Received: (from des@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id s8T8vamj094031;
 Mon, 29 Sep 2014 08:57:36 GMT (envelope-from des@FreeBSD.org)
Message-Id: <201409290857.s8T8vamj094031@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: des set sender to des@FreeBSD.org
 using -f
From: Dag-Erling Smørgrav <des@FreeBSD.org>
Date: Mon, 29 Sep 2014 08:57:36 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r272280 - head/lib/libpam/modules/pam_login_access
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Sep 2014 08:57:36 -0000

Author: des
Date: Mon Sep 29 08:57:36 2014
New Revision: 272280
URL: http://svnweb.freebsd.org/changeset/base/272280

Log:
  Instead of failing when neither PAM_TTY nor PAM_RHOST are available, call
  login_access() with "**unknown**" as the second argument.  This will allow
  "ALL" rules to match.
  
  Reported by:	Tim Daneliuk <tundra@tundraware.com>
  Tested by:	dim@
  PR:		83099 193927
  MFC after:	3 days

Modified:
  head/lib/libpam/modules/pam_login_access/pam_login_access.c

Modified: head/lib/libpam/modules/pam_login_access/pam_login_access.c
==============================================================================
--- head/lib/libpam/modules/pam_login_access/pam_login_access.c	Mon Sep 29 01:17:42 2014	(r272279)
+++ head/lib/libpam/modules/pam_login_access/pam_login_access.c	Mon Sep 29 08:57:36 2014	(r272280)
@@ -94,8 +94,10 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int
 		PAM_VERBOSE_ERROR("%s is not allowed to log in on %s",
 		    user, tty);
 	} else {
-		PAM_VERBOSE_ERROR("PAM_RHOST or PAM_TTY required");
-		return (PAM_AUTHINFO_UNAVAIL);
+		PAM_LOG("Checking login.access for user %s", user);
+		if (login_access(user, "***unknown***") != 0)
+			return (PAM_SUCCESS);
+		PAM_VERBOSE_ERROR("%s is not allowed to log in", user);
 	}
 
 	return (PAM_AUTH_ERR);